Tuesday, May 28, 2013
Complete DHS Daily Report for May 28, 2013
Daily Report
Top Stories
• The Industrial Control Systems Cyber Emergency
Response Team released an advisory concerning two industrial control devices
because they contain hard-coded backdoors that permit remote access. – The
Register
2.
May 24, The Register – (International)
Feds slam hacker-friendly backdoors in jalopy, grub factories. The
Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) released an
advisory outlining a security vulnerability in Turck BL20 and BL67 Programmable
Gateways because they contain hard-coded backdoors that permit remote access.
The devices are used in various manufacturing, agricultural, and food
processing applications. Source: http://www.theregister.co.uk/2013/05/24/turck_industrial_control_backdoor/
• An employee of a foundry in Penn Township,
Pennsylvania, entered the facility armed with an assault rifle and handgun,
ordered employees to leave, and then fled before later surrendering to police.
– Pittsburgh Tribune-Review
4.
May 23, Pittsburgh Tribune-Review –
(Pennsylvania) Suspect surrenders in Penn Township foundry evacuation. An
employee of the Perma-Cast Inc. foundry in Penn Township entered the facility
armed with an assault rifle and handgun, ordered employees to leave, and then
fled before later surrendering to police. Source: http://triblive.com/news/westmoreland/4071066-74/police-smith-business#axzz2UDfo9Lyv
• A section of a bridge on Interstate 5 in
Mount Vernon, Washington, collapsed, sending cars and people into the water. – ABC
News
10.
May 23, ABC News – (Washington) I-5
Bridge collapse over Skagit River in Washington sends cars, people into water. A
section of a bridge on Interstate 5 in Mount Vernon, Washington, collapsed,
sending cars and people into the water. Three people were taken to local
hospitals and authorities were investigating the cause of the collapse. Source:
http://abcnews.go.com/US/bridge-collapse-skagit-river-washington-sends-cars-people/story?id=19246280#.UZ9UTLWkr44
• A fire which started in the basement of the
74-unit Hilltop Place Apartments in Allouez, Wisconsin, displacing 107 people.
– Green Bay Press Gazette
32.
May 24, Green Bay Press Gazette –
(Wisconsin) Allouez apartment complex fire leaves dozens homeless. More
than 21 fire crews responded to a May 23 fire which started in the basement of
the 74-unit Hilltop Place Apartments in Allouez and burned for 8 hours before
being extinguished. Authorities were still investigating the cause of the blaze
which left 107 people displaced in a building valued at $2.3 million. Source: http://www.greenbaypressgazette.com/article/20130523/GPG0101/305230287/Allouez-apartment-complex-fire-leaves-dozens-homeless
Details
Banking and Finance Sector
5. May 23, WCNC 22 Charlotte – (North Carolina) CMPD
busts financial theft ring accused of stealing $300K. State and federal
authorities arrested 10 suspects and identified one other in an alleged stolen
checks and identity theft network that stole more than $300,000. Source: http://www.wcnc.com/news/crime/CMPD-busts-financial-theft-ring-accused-of-stealing-300K-208685671.html
6. May 23, Associated Press – (North Carolina) Charlotte
man pleads guilty to securities fraud. A Charlotte man pleaded guilty to
running an $8.9 million Ponzi scheme through his hedge fun Maiden Capital Opportunity
Fund. Source: http://www.wral.com/charlotte-man-pleads-guilty-to-securities-fraud/12479069/
For another story,
see item 29 below in the Information Technology Sector
Information Technology Sector
28.
May 24, The Register – (International)
Microsoft exposes green users’ privates in web quiz snafu. A Web design
issue on Microsoft’s Greener IT Challenge Web site left the names and email
addresses of users easily accessible after users completed the site’s quiz.
Microsoft resolved the issue. Source: http://www.theregister.co.uk/2013/05/24/ms_greener_it_test_spam_snafu/
29.
May 23, SC Magazine – (International) Event
ticketing company hacked, at least tens of thousands affected. Online
ticketing company Vendini was the victim of a server attack that exposed tens
of thousands of users’ credit card information, names, addresses, and email
addresses. Source: http://www.scmagazine.com/event-ticketing-company-hacked-at-least-tens-of-thousands-affected/article/294677/
Communications Sector
30.
May 22, KTTC Rochester – (Minnesota) Thieves
likely targeting copper, steal fiber optic cable. Thieves that hit an
Olmsted County cell tower cut through two spools of fiber optic cable, stole
expensive rope, and caused an estimated $100,000 worth of damage between May 20
and May 21. Source: http://www.kttc.com/story/22394245/2013/05/22/thieves-likely-targeting-copper-steal-fiber-optic-cable
31.
May 22, Portsmouth Herald – (Maine;
New Hampshire; Vermont) USA Telephone customers’ service shut off suddenly. Telephone
and internet services to approximately 2,400 businesses and Maine, New
Hampshire, and Vermont residents were suddenly cut off after Fairpoint
Communications cut services May 21 due to local provider USA Telephone owing
the company money. Source: http://www.seacoastonline.com/apps/pbcs.dll/article?AID=/20130522/NEWS/130529868/-1/NEWSMAP
Department of Homeland Security
(DHS)
DHS Daily Open Source Infrastructure Report Contact Information
About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday]
summary of open-source published
information
concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on
the
Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport
Contact Information
Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS
Daily Report Team at (703)387-2314
Subscribe to
the
Distribution List: Visit the
DHS Daily Open Source Infrastructure Report and follow
instructions to
Get e-mail updates when this information
changes.
Contact DHS
To report physical infrastructure incidents or to request information, please contact the National Infrastructure
To report cyber infrastructure incidents or to
request information,
please contact US-CERT at soc@us-cert.gov or visit their Web
page at www.us-cert.go v.
Department of Homeland Security Disclaimer
The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to
educate and
inform personnel engaged
in infrastructure protection. Further reproduction
or redistribution is subject to original copyright
restrictions. DHS provides no
warranty of ownership of the copyright,
or accuracy with respect to
the
original
source material.